Report: More states are taking steps to protect student privacy

Report: More states are taking steps to protect student privacy

Almost two-thirds of states have passed a new student privacy law in the past 3 years

A new analysis from the Data Quality Campaign shows more and more states are taking steps to ensure student privacy through legislation.

During the past three years, every state but Vermont has introduced at least one bill and 36 states now have at least one new student privacy law. In 2016, 14 states passed 16 laws.

Most of the states that passed new student data privacy laws in 2016 had already passed a student data privacy law, a sign that states continue to refine laws to ensure they protect student information while allowing educators to use data in service of student learning. While states signed fewer new bills into law this year than in 2015 or in 2014, the analysis, which is available online, shows that states are considering more diverse issues and thinking more broadly about data and privacy in schools than in recent years.

Separately, a report on data privacy from the Southern Regional Education Board, found that 34 states (including 14 SREB member states, mostly located in the U.S. South) enacted new legislation designed to protect student information that spell out everything from who can collect and view student data to what information schools can share with vendors to the creation of a state controller to manage student data security.

“It’s clear that states are building on prior legislative efforts and continuing conversations about how to use data effectively while ensuring student privacy,” said Paige Kowalski, executive vice president for the Data Quality Campaign.

“Although states enacted fewer new laws this year, schools across the nation are operating under a significantly altered legal framework than they were just a few years ago. Congress will need to examine this new landscape if they are looking to update federal privacy laws in the next session.”

Over time, the student data privacy bills have become more focused on data governance (establishing processes for making decisions about data use) with fewer bills that would compromise the basic functioning of state’s education services. In 2014, a quarter of the bills introduced threatened states’ ability to use data to help students, compared to 2016 when that proportion was less than 10 percent. In 2014, less than half of the bills provided for governance.

The states’ legislative efforts this year focused on three key areas: regulating online service providers, establishing greater transparency around how states and districts are handling student information, and granting new responsibilities for safeguarding data to districts.

Nearly half of the bills introduced (52) governed the data activities of third-party service providers. Thirty-six of those bills contained provisions based on California’s SOPIPA Act, which was passed in 2014 to govern online service providers.

Sixty-nine bills sought to establish greater transparency around how states and districts are managing student information.

States proposed assigning new responsibilities for safeguarding data to districts, including governance. Forty-four bills proposed giving new responsibilities to local education agencies.